Nikto is an Open Source (GPL) web server
scanner which performs comprehensive tests against web servers for
multiple items, including over 6400 potentially dangerous files/CGIs,
checks for outdated versions of over 1200 servers, and version specific
problems on over 270 servers.

Note:
This is not absolutely necessary, but if you are a computer security
student or professional, you should have a BackTrack VM.

Lab Notes

In this lab we will do the following:

We will use nikto.pl to scan the
Mutillidae website for vulnerabilities.

We will conduct some server
reconnaissance using the HTTP HEAD method.

We will exploit the PHP-Nuke Rocket
Vulnerability.

We will investigate the OSVDB-3233: /phpinfo.php
warning.

We will investigate the OSVDB-3268:
Directory Indexing warning.

Legal Disclaimer

As a condition of your use of this Web
site, you warrant to computersecuritystudent.com that you will not use
this Web site for any purpose that is unlawful or
that is prohibited by these terms, conditions, and notices.

In accordance with UCC § 2-316, this
product is provided with "no warranties, either express or implied." The
information contained is provided "as-is", with "no guarantee of
merchantability."

In addition, this is a teaching website
that does not condone malicious behavior of
any kind.

You are on notice that continuing
and/or using this lab outside your "own" test environment
is considered malicious and is against the law.

Netcat is a computer networking utility
for reading from and writing to network connections using TCP or UDP.

The HEAD method is identical to GET
except that the server MUST NOT return a message-body in the
response. This method is often used for testing hypertext
links for validity, accessibility, and recent modification.
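As an added example (not part of the original lab), the following parses a raw HEAD response, such as one read back over a netcat connection, confirms that it carries no message body, and lists the headers that disclose server version or platform. The sample response, header list and function names are constructed for illustration.

```python
import re

# Constructed sample of a raw HEAD response (not captured from a real host).
SAMPLE_HEAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.2.17 (Fedora)\r\n"
    b"X-Powered-By: PHP/5.3.8\r\n"
    b"Last-Modified: Sun, 31 Dec 2023 12:00:00 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Headers that commonly carry product, version or platform details (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")
PRODUCT_VERSION = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")  # e.g. Apache/2.2.17
PLATFORM_COMMENT = re.compile(r"\(([^)]+)\)")               # e.g. (Fedora)


def parse_head_response(raw: bytes):
    """Split a raw HTTP response into status line, header dict and body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def audit_head_response(raw: bytes):
    """Return findings: a body on a HEAD reply, and version/platform leaks."""
    status, headers, body = parse_head_response(raw)
    findings = []
    if body:
        findings.append(("protocol", "HEAD response carried a message body"))
    for name in DISCLOSING_HEADERS:
        for value in headers.get(name, []):
            for token in PRODUCT_VERSION.findall(value):
                findings.append((name, "version: " + token))
            for token in PLATFORM_COMMENT.findall(value):
                findings.append((name, "platform: " + token))
    return findings


if __name__ == "__main__":
    for header, detail in audit_head_response(SAMPLE_HEAD_RESPONSE):
        print(f"{header:14} {detail}")
```

On Apache, `ServerTokens Prod` and, for PHP, `expose_php = Off` are the usual settings that reduce what these headers reveal.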

While there is no known vulnerability
or exploit associated with this, default files often reveal
sensitive information or contain unknown or undisclosed
vulnerabilities. The presence of such files may also reveal
information about the web server version or operating system (e.g.,
fedora 14).

A potentially interesting configuration
directory was found on the web server. While there is no known
vulnerability or exploit associated with this, it may contain
sensitive information (e.g., authentication details) which can be
disclosed to unauthenticated remote users, or aid in more focused
attacks.

Directory indexing has been found to be
enabled on the web server. While there might not be a
vulnerability or exploit associated with this, it may reveal
sensitive or "hidden" files or directories to remote users (e.g., a
test file full of password information), or aid in more focused
attacks.